What is web server security?
Web server security is important to any organization with a virtual web server connected to the Internet. Securing such a server requires a multi-layered defense and is especially important for organizations with customer-centric websites.
Separate servers should be used for internal and external applications, and servers for external applications must be hosted on a DMZ or containerized service network to prevent an attacker from exploiting a vulnerability to access sensitive internal information.
Penetration tests should be run regularly to identify potential attack vectors, which are often caused by outdated server modules, configuration or coding errors, and bad patch management. Website security logs should be checked at all times and kept in a safe place. Other best practices include using a separate development server for testing and debugging, limiting the number of superuser and administrator accounts, and deploying an Intrusion Detection System (IDS), which includes monitoring and analysis of user and system activity, recognition of typical attack patterns, and analysis of abnormal activity patterns.
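The two IDS functions named above, recognition of typical attack patterns and analysis of abnormal activity, can be illustrated on web server access logs. The Python code below is an added example, not part of the original definition; the signature list, the thresholds and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Common Log Format prefix: client, timestamp, method, target, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Illustrative signatures only; a production IDS uses a maintained rule set.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"(?i)\bunion\b.+\bselect\b"),
    "script-injection": re.compile(r"(?i)<script"),
}

def analyze(lines, min_requests=5, max_error_ratio=0.5):
    """Return (signature_alerts, anomalous_clients) for an access log."""
    alerts, totals, errors = [], Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not guessed at
        client, _ts, _method, target, status = m.groups()
        decoded = unquote(target)  # match against the URL-decoded target
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                alerts.append((client, name, target))
        totals[client] += 1
        if status.startswith("4"):
            errors[client] += 1
    # Abnormal activity: enough requests, and most of them client errors.
    anomalous = sorted(
        c for c, n in totals.items()
        if n >= min_requests and errors[c] / n > max_error_ratio
    )
    return alerts, anomalous

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '192.0.2.10 - - [10/May/2015:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/May/2015:10:00:02 +0000] "GET /download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 199',
    '198.51.100.7 - - [10/May/2015:10:00:03 +0000] "GET /item?id=1%20UNION%20SELECT%20name%20FROM%20users HTTP/1.1" 500 87',
] + [
    f'203.0.113.5 - - [10/May/2015:10:01:{s:02d} +0000] "GET /missing{s} HTTP/1.1" 404 150'
    for s in range(6)
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Signature matching catches known request shapes even from a single request, while the error-ratio check flags a client whose individual requests look harmless but whose overall behaviour does not.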
This was last updated in May 2015